Sr. Software Engineer - Corporate Technology (GRC & HR IT)

  • Full-time
  • Job Family Group: Technology and Operations

Company Description

The Corporate IT (CIT) organization is responsible for all facets of architecture, software development and production support of key internal systems supporting areas such as Finance, Revenue, Treasury, Human Resources, Legal, Risk, Compliance, Contact Center and End User.

In the GRC & HR Information Technology team, we are building an organization to focus on Engineering and Operational Excellence (EOE). This includes Security Vulnerability management for both hardware and software, establishing our internal business processes, scorecards and metrics, tracking team progress and building formal Operational Procedures/Playbooks for our applications.

Job Description

  • Performing security analysis on custom applications, packaged software solutions and third-party hosted solutions, in accordance with the OWASP standard and SANS 25, as well as Visa’s technical security best practices, to identify security vulnerabilities.

  • Developing remediation plans and resolving these findings or, if needed, implementing mitigating controls to reduce exposure.

  • Collaborating with the application development team or 3rd party vendor’s technical resources to remediate reported vulnerabilities and mitigate any exposures.

  • Managing remediation of findings from the vulnerability-scanning tool (Qualys) and collaborating with the infrastructure engineering team to apply patches or update configurations per guidance.

  • Working with vendor technical resources to remediate reported vulnerabilities to mitigate any exposures, improve the overall security posture, and reduce risk.

  • Completing a functional smoke test after each patch installation.

  • Creating and maintaining appropriate documentation to log and track findings/vulnerabilities closure progress by the vendor or application development team.

Qualifications

  • Bachelor’s Degree in Computer Science or related discipline
  • Active CISSP certification required; Vulnerability Management by Qualys certification a plus
  • 2-3 years of experience in systems administration, or relevant experience in software engineering and development
  • Strong understanding of the OWASP standard and SANS 25
  • Strong understanding of control frameworks such as NIST SP 800-53, Center for Internet Security, ISO/IEC 27002
  • Experience with Windows Server and Linux (RHEL) operating systems
  • Experience with OS level server hardening and strong knowledge of security controls
  • Experience in PowerShell scripting and/or Bash shell scripting
  • Experience working in a multinational environment with geographically dispersed teams strongly preferred
  • Strong follow-through, problem identification, analysis and problem-solving skills
  • Self-motivated with the ability to exercise independent judgment with minimal direction from supervisor

All your information will be kept confidential according to EEO guidelines.
